timing attack

A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by studying how long it takes the system to respond to different inputs.

Timing characteristics will vary depending on the encryption key because different systems take slightly different amounts of time to process different inputs. Variables include performance optimizations, branching and conditional statements, processor instructions, RAM and cache hits. A timing attack looks at how long it takes a system to do something and uses statistical analysis to find the right decryption key and gain access.

The canonical example of a timing attack was designed by cryptographer Paul Kocher. He was able to expose the private decryption keys used by RSA encryption without breaking RSA. Timing attacks are also used to target devices such as smartcards and web servers that use OpenSSL. Web servers were believed to be less vulnerable to timing attacks because network conditions could mask differences in timing; recent research has challenged that assumption.
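The key-dependent branching described above can be seen in a textbook square-and-multiply modular exponentiation, the core operation of RSA decryption, shown here beside a Montgomery ladder that does the same amount of work for every key. This is an added example, not code from the original page; the function names and sample values are constructed, and it counts multiplications instead of measuring wall-clock time so the difference is reproducible.

```python
def modexp_branching(base, exponent, modulus):
    """Left-to-right square-and-multiply. The multiply step runs only for
    1-bits of the exponent, so the work done depends on the secret key."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus   # always square
        mults += 1
        if bit == "1":                         # key-dependent branch
            result = (result * base) % modulus
            mults += 1
    return result, mults


def modexp_ladder(base, exponent, modulus, bits):
    """Montgomery ladder over a fixed bit length: exactly two modular
    multiplications per bit, whatever the bit's value."""
    r0, r1, mults = 1, base % modulus, 0       # invariant: r1 == r0 * base
    for i in range(bits - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        mults += 2
    return r0, mults


# Constructed sample values for illustration, not real key material.
MODULUS = 1000003
BASE = 4242
KEY_SPARSE = 0b10000001      # 8-bit exponent with two 1-bits
KEY_DENSE = 0b11111111       # 8-bit exponent with eight 1-bits


def compare(key_bits=8):
    """Return {key name: (branching mults, ladder mults)} for both keys."""
    rows = {}
    for name, key in (("sparse", KEY_SPARSE), ("dense", KEY_DENSE)):
        _, branching = modexp_branching(BASE, key, MODULUS)
        _, ladder = modexp_ladder(BASE, key, MODULUS, key_bits)
        rows[name] = (branching, ladder)
    return rows


if __name__ == "__main__":
    for name, (branching, ladder) in compare().items():
        print(f"{name:6} key: branching={branching} mults, ladder={ladder} mults")
```

Equal multiplication counts are necessary but not sufficient: production code should rely on a vetted cryptographic library whose big-number arithmetic is itself constant-time.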
